CYNERGI
   

Developer configured PHP


Only a developer really knows what is essential in a good PHP environment. And Cynergi has been developing in PHP for almost years.



Hosting with PHP

Family Hosting 
Reserve a domain name for your family name, create e-mail addresses for your children!

Professional Hosting 
With dual domain name included, pre-installed resources for Web development and professional Webmail with employee monitoring support. Includes one Web site template of your choice, for free.

Commerce Hosting 
With triple domain names and built-in EV certificate, these hosting accounts have everything you need to start a trusted electronic commerce site on the Internet. Includes two Web site templates of your choice, for free.

Server 
Adding full predictability to your hosting: a full dedicated non-virtual non-cloud server with its own FQDN and IP address adds performance predictability to your site and reduces the chances that your sent e-mail messages are flagged as spam by recipients.

PHP configuration

PHP version:
5.2.4 or later

External modules installed:

Note: under Windows the image module also supports Type 1 fonts.

PHP's standard modules are also installed: Bzip2, ctype, iconv, Mimetype, PCRE, etc.

Testing

Q. May I test your PHP platform?
A. Unfortunately, no. The hosting must be paid for to avoid allowing a hacker untraceable access to our systems.



Production environment


PHP Hypertext Preprocessor is the oldest and most stable Web server application development language in the market. It is a fast and versatile open source language that we offer in our Unix and Windows servers under a professional production environment.

The development of any PHP application should always be done in the site owner's premises, hidden away from the public. Only when that code reaches stability should it be published on the Web site server.

Because our servers hold production code, they do not show PHP warnings: PHP can recover from them, and there is valid PHP code that generates warnings. Seeing such warnings might suggest to visitors that the site was not professionally developed. PHP errors are displayed to the visitor, though, so that the visitor does not see a blank or partially loaded page with no indication of what is happening. This way the visitor might call you to report the error instead of just leaving.

If you need our servers to display PHP warnings for final quality testing, you can do:

error_reporting( E_ALL );

On the other hand, the programmer needs much more than just hidden warnings to be able to offer professional applications. With that in mind, our PHP setup includes the modules described to the left.

These were chosen for their importance in professional PHP applications. For instance, mbstring is essential for pages that process data (client names, etc.) with non-Latin characters; bcmath is fundamental for scripts that process financial or monetary data (such as shopping carts); and CURL, ODBC, XML and Zlib are there to access external data.

Those modules and PHP itself were configured for optimized security and maximum function. Paradoxically, PHP's "safe mode" is off. This is because safe mode disables important features of the mail() function, amongst others. fopen("http://...") and similar functions are available to make it easier to access external data. PHP is configured to auto-detect text files' line ending so that functions such as file() work properly with files coming from Windows, Unix and Apple (Macintosh).

These and many other specialized configurations offer you a professional hosting environment for your PHP applications.

PHP security


Security is always a compromise between "closed doors" and function. On our platform, we believe we have achieved an excellent balance between these requirements.

For instance, GET/POST/Cookie variables are not automatically registered, i.e., if you call a script with:

mypage.php?var=1

the script will not have a $var variable available. You should instead use

$_REQUEST["var"]

to read its value. This prevents your script's variables from being externally influenced.

The value of each of those variables is also protected by "magic quotes", a PHP feature that runs the addslashes() function for all variables received from the outside. This guarantees that small and short PHP scripts will have fewer security problems, while big professionally developed PHP applications can easily remove that protection using the reverse function stripslashes() or by including our esx.nomagic.php script.
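
Reading a request parameter on a platform set up as described above, as an added example that is not Cynergi's esx.nomagic.php or any code from this page; the helper names and sample values are assumptions. Because addslashes()-style quoting is not tied to any output context, the example restores the raw value and escapes it at the point of use.

```php
<?php
// Added example, not Cynergi's esx.nomagic.php; helper names are hypothetical.

// Recursively remove the backslashes magic quotes added to request values.
function strip_magic_slashes($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = strip_magic_slashes($item);
        }
        return $value;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// True when the running PHP still applies magic quotes to GET/POST/Cookie data.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Read one parameter from an input array such as $_REQUEST, never from an
// auto-registered global. $quoted overrides detection (used for the sample).
function request_param($source, $name, $default = null, $quoted = null)
{
    if (!isset($source[$name])) {
        return $default;
    }
    if ($quoted === null) {
        $quoted = magic_quotes_active();
    }
    return $quoted ? strip_magic_slashes($source[$name]) : $source[$name];
}

// Constructed sample: $_REQUEST as it would look for
// mypage.php?var=1&name=O'Brien with magic quotes on.
$sample = array('var' => '1', 'name' => "O\\'Brien");

$var  = request_param($sample, 'var', '', true);
$var  = (is_string($var) && ctype_digit($var)) ? (int) $var : 0; // integers only
$name = request_param($sample, 'name', '', true);
$name = is_string($name) ? $name : '';

// Escape for the context the value is used in, here HTML output.
echo 'var=', $var, ' name=', htmlspecialchars($name, ENT_QUOTES), "\n";
```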

To prevent a script from using up all available server memory, scripts cannot use more than 8Mb and cannot receive an upload larger than 5Mb. For the same reason, database connections cannot be persistent.

To prevent a script from using server resources indefinitely, PHP can take up to 60s handling incoming data before starting the script, and up to 30s running the script. If these times are exceeded, the script is aborted.

Finally, to guarantee script and data privacy, each script is only allowed to open the files corresponding to its Web site in the server and not files from its "neighbors" on the same server. This means that files received by upload should be moved to your Web site area with the function move_uploaded_file(). You can also open your MySQL database with a simple mysql_connect() (without server, user or password), which ensures you do not expose database access passwords in the code.
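
Moving an upload into the site's own area with move_uploaded_file(), as an added example that is not Cynergi's code. The uploads directory, the "document" form field and the extension allow-list are assumptions; the 5 MB ceiling mirrors the limit stated above.

```php
<?php
// Added example, not Cynergi's code. UPLOAD_DIR, the "document" field and
// the extension list are assumptions; 5 MB mirrors the limit in the text.
define('UPLOAD_DIR', dirname(__FILE__) . '/uploads');
define('MAX_UPLOAD_BYTES', 5 * 1024 * 1024);

// Reduce a client-supplied name to a harmless base name, or return false when
// the extension is not expected (so no script file lands in the web area).
function safe_upload_name($clientName)
{
    $base = basename(str_replace('\\', '/', $clientName));
    $base = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', $base), '.');
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    // Collapse inner dots so "report.php.pdf" cannot keep a second extension.
    $stem = str_replace('.', '_', pathinfo($base, PATHINFO_FILENAME));
    if ($stem === '' || !in_array($ext, array('jpg', 'png', 'pdf'), true)) {
        return false;
    }
    return $stem . '.' . $ext;
}

// Move one $_FILES entry into UPLOAD_DIR; returns the new path, or false
// with the reason in $error.
function store_upload($file, &$error)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        $error = 'upload failed or was rejected by PHP limits';
        return false;
    }
    $name = safe_upload_name($file['name']);
    if ($name === false || $file['size'] > MAX_UPLOAD_BYTES) {
        $error = 'file type or size not accepted';
        return false;
    }
    $target = UPLOAD_DIR . '/' . $name;
    // move_uploaded_file() refuses anything that is not a genuine HTTP
    // upload, so a forged tmp_name cannot be used to relocate other files.
    if (file_exists($target) || !move_uploaded_file($file['tmp_name'], $target)) {
        $error = 'could not store the file in the site area';
        return false;
    }
    return $target;
}

if (isset($_FILES['document'])) {
    $error = '';
    $path  = store_upload($_FILES['document'], $error);
    echo $path === false ? "Rejected: $error\n" : "Stored upload\n";
}
```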

Even though we went to great lengths to supply a secure production environment, we are aware there are known security problems with some PHP functions. The dl() function, for instance, was disabled to prevent internal attacks on the Web server. Other useful functions were not disabled, but can cause problems. Such behaviors are monitored and lead to hosting account suspension.
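
A check a site owner can run to compare the live PHP settings with the memory, upload, time, persistence, file-confinement and dl() restrictions described above, as an added example that is not Cynergi's tooling. The page names the behaviours, not the php.ini directives, so the directive chosen for each limit (including open_basedir for file confinement) is an assumption.

```php
<?php
// Added example, not Cynergi's tooling. The directive names are the standard
// php.ini settings assumed to sit behind each limit described in the text.

// Convert php.ini shorthand such as "8M" to bytes; -1 (no limit) stays negative.
function ini_bytes($value)
{
    $value  = trim((string) $value);
    $number = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024; // fall through
        case 'M': $number *= 1024; // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Return a list of settings that are looser than the page describes.
function audit_limits()
{
    $findings = array();
    $sizes = array('memory_limit' => 8, 'upload_max_filesize' => 5); // megabytes
    foreach ($sizes as $name => $maxMb) {
        $bytes = ini_bytes(ini_get($name));
        if ($bytes < 0 || $bytes > $maxMb * 1024 * 1024) {
            $findings[] = "$name is not capped at {$maxMb} MB";
        }
    }
    $times = array('max_input_time' => 60, 'max_execution_time' => 30); // seconds
    foreach ($times as $name => $maxSeconds) {
        $seconds = (int) ini_get($name);
        // 0 or below does not express a fixed ceiling, so report it too.
        if ($seconds <= 0 || $seconds > $maxSeconds) {
            $findings[] = "$name is not capped at {$maxSeconds} s";
        }
    }
    if (ini_get('mysql.allow_persistent')) {
        $findings[] = 'persistent MySQL connections are allowed';
    }
    if ((string) ini_get('open_basedir') === '') {
        $findings[] = 'open_basedir is unset: scripts are not confined to the site';
    }
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (!in_array('dl', $disabled, true)) {
        $findings[] = 'dl() is not disabled';
    }
    return $findings;
}

foreach (audit_limits() as $finding) {
    echo $finding, "\n";
}
```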

Group Corebase